fix: auto detect upstream protocol

[zirain]

This PR changed the default behavior when you enabled tls on EnvoyProxy but without alpn.
Before:

typedExtensionProtocolOptions unset, which means http1.

After:

AutoHttpConfig enabled, which means:

// Clusters configured with “AutoHttpConfig“ will use the highest available
// protocol; HTTP/2 if supported, otherwise HTTP/1.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.05%. Comparing base (efc3d2c) to head (2938f7e).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6792      +/-   ##
==========================================
+ Coverage   71.02%   71.05%   +0.02%     
==========================================
  Files         227      227              
  Lines       40331    40350      +19     
==========================================
+ Hits        28645    28670      +25     
+ Misses       9992     9987       -5     
+ Partials     1694     1693       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[arkodg]

hey @zirain can you also update the doc string in

gateway/api/v1alpha1/tls_types.go

Line 83 in 5ebc004

// +optional

that defaults to [http/1.1, h2]

and add a breaking changes note in the release notes

[arkodg]

can we verify, http/1.1 is being used here ?

[zirain]

%UPSTREAM_PROTOCOL% will help here, need more work.

[zirain]

it's tested here:

gateway/test/e2e/testdata/expect/echo-service-tls-settings-res.yaml

Line 4 in a685667

negotiatedProtocol: "http/1.1"

[arkodg]

this means, if ALPN is set to h2, it won't actually connect over h2 (without setting applicationProtocol in the backend), is that right ?

[zirain]

if alpnProtocols = [h2], requiresAutoHTTPConfig is false, it should be same as the old logic which means use h2.
what I missed?

gateway/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml

Lines 253 to 254 in 5ebc004

	alpnProtocols:
	- h2

[arkodg]

imo we should use this for the default case when tls is non nil

[zirain]

Priority
- Use Client Protocol
- Force H2 using Backend App Protocol or GRPCRoute ( isHTTP2)
- TLS != nil (AutoTLS)
- Default ( H1)

[arkodg]

cc @guydc

[arkodg]

should this be above requiresHTTP1Options ?

[guydc]

Also above http2 options, if that's the case, right?

[zirain]

I don't think it should be above http2 options because of the priority is as following:

Priority
- Use Client Protocol
- Force H2 using Backend App Protocol or GRPCRoute ( isHTTP2)
- TLS != nil (AutoTLS)
- Default ( H1)

@arkodg previous priority didn't point out the case of explicit http1 settings.

requiresHTTP1Options := args.http1Settings != nil &&
		(args.http1Settings.EnableTrailers || args.http1Settings.PreserveHeaderCase || args.http1Settings.HTTP10 != nil)

[arkodg]

yeah, I think this field should be renamed to hasHTTP1Options , and Auto tls should take precedence over it (it will also consume those http1 values)

[zirain]

this PR won't be backported, let's discuss it in an seperated PR?

[arkodg]

right now if a user sets http1options and http2options in BTP for all routes, they cannot use auto TLS to decide the right proto to use per backend, which is why im recommending moving case requiresAutoHTTPConfig above case requiresHTTP1Options

[zirain]

In that case, we might need more work about merge those options into auto.
That's why I proposal to do it in another PR, and also discuss guydc's comment.

[arkodg]

sure follow up PR works

[guydc]

Also above http2 options, if that's the case, right?

[guydc]

In another issue, we should clarify how this field works. For example, what happens when:

• Using grpc route/h2 proto but setting backend ALPN to [http/1.1] ? Would it break? would it be ignored?
• Using preserve client proto but setting backend ALPN to [not-a-real-proto]
  etc.

I don't think that we can perform any sort of validation in this case to stop users from configuring bad values, since this value has meaning in the context of a specific backend, e.g. proxy has backends that grpc while others require auto and others preservation.